12 matches found
EUVD-2001-0832
Malware in sbrugna...
Design/Logic Flaw
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check...
CVE-2022-33913
CVE-2022-33913 affects Mahara: versions 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2; the issue allows files to be downloaded through thumb.php without a permission check. The Red Hat and OpenVAS datasets corroborate the same description. The root cause is missing access control on thu...
CVE-2019-16986
In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. resources\securedownload.php is also affected...
Input validation
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the...
Schneider Electric Unity PRO Remote Code Execution Vulnerability
Unity Pro is the universal IEC61131-3 programming, debugging and runtime software package for Premium, Atrium and Quantum PLCs. A remote code execution vulnerability exists in Schneider Electric Unity PRO in an insecure file download, which can be exploited by a remote attacker to execute arbitra...
eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when...
Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities
Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================================= FILE INFO:...
Aladdin Knowledge System Ltd. Active-X Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================================= FILE INFO: ============================================================================================= Aladdin Knowledge System Ltd. PrivAgent ActiveX...
Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================================= FILE INFO: ============================================================================================= Aladdin Knowledge System Ltd. PrivAgent ActiveX...
Aladdin Knowledge System Ltd PrivAgent ActiveX Control 2.0 Multiple Vulnerabilities
Exploit for windows platform in category dos / poc ============================================================================================= FILE INFO: ============================================================================================= Aladdin Knowledge System Ltd. PrivAgent ActiveX...
eRoom 6.0 PlugIn - Insecure File Download Handling
source: https://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when downloaded. This can occur without user...